Now that Trent is back we finally got around to making a new episode and finally can talk about Facebook. Not the “old news” of the changes from the F8 conference as planned first but about its privacy issues instead.

Will distributed social networks be the solution? Will they finally take off? Or will Facebook stay the centralized place for everybody?

Two quick points, one about the general privacy conversation and the other about the “Like” button.

It’s not simply about “privacy” in the sense that I don’t want people to hear what I’m saying. I use twitter nearly every day and, yes, I even blog once in a while. But, like most people, I speak differently depending on the audience. I say things to my friends that I might not say in public, or at the very least I’d say them more diplomatically. Facebook led me to believe that the things I was posting would be seen only by the people I chose, so I sometimes used my “inside” voice (shut up, yes I do). Then Facebook said, “oh yeah, we decided to make everything public because it’s profitable for us to pretend that privacy is dead.” When people complained about this, their answer was: “Sucker”.

To me, it’s a simple question: What expectation did they lead me to have about who would see what I do on their service? Imagine that FB was good, but one of my friends was republishing everything that I wrote. Would that be ok, if that was a person? No, it wouldn’t. And if, when I said to that person, “what are you doing” and they responded, “I publish everything you write because I think privacy is dead”, I’d say “You don’t get to make that decision for me.”

I’m also very troubled by what they’re doing with the Like button. Imagine that my hypothetical friend said to me, “Because you’re my friend, I’m going to watch over your shoulder as you surf the internet and write down every site that you go to… and tell everyone”. You might say, “This is just a way for you to share stuff back to facebook. They only do this when you click ‘Like'”, but I don’t think that’s true. I think that it’s a stealth web tracking tool.

It looks to me as though the “Like” button is a tracking network for advertisers. Early on there was a bug where sites you visited would silently add apps to your profile when you visited their site. This wouldn’t be possible if Facebook wasn’t tracking the places you visited, even when you don’t click like.

So, what this looks like to me is that Facebook is leveraging their users to get sites to add facebook connect and the “like” button. The sites get the potential of broad distribution, the users get to share cool stuff with their friends. The price? Facebook gets to track everything you do, and everywhere you go, for the purpose of selling it to advertisers. For me, at least, that price is too high. I still use Facebook, but I use it very differently and I sign out when I’m done. And I clear my cookies.

Am I being paranoid? Aren’t there fifty tracking tokens on every web page I visit? Sure, but none of them know exactly who I am. That’s the part I don’t like. I don’t mind being targeted as a member of a demographic (none of us is really the unique snowflake we think we are), but when you start to track exactly me by name and address, and tell my friends about it? Not cool, dude.

Ok, thank you. Also, I haven’t seen anyone talk about how the Like button is tracking us. That’s downright creepy.

Yes, there’s been a dearth of comment on the implications of “Like” so far. I don’t think people really get it yet.

“Why I don’t like ‘Like'”

I’ve noticed that in tech conversations lately, no one can say the word “like” anymore without saying it ironically/specially/FB-ishly. Annoying! It comes out already uppercased with air quotes.

We’re children of the ironic 80s. Everything we have ever said was in uppercase with air quotes 😀

The German privacy paradox

As a group, Germans are more private than anyone I know. My German grandfather-in-law used to lecture me: “People do not need to know that.” Germans complain about Google Streetview taking pictures of them … in public. They’re going after Facebook on privacy. They say that Google Analytics violates privacy. They even enable convicted killers to expunge their names from Wikipedia out of privacy. And now they’re up in arms about airport body scanners.
Yet go into a German sauna, and there the Germans are, male and female, together, sweaty and naked. Germans protect the privacy of everything but their private parts.

SWIFT agreement between EU and US rejected by the EU parliament

“Our laws are being broken and under this agreement they would continue to be broken. Parliament should not be complicit in this,” said Jeanine Hennis-Plasschaert, a Dutch liberal MEP. “The security of European citizens is not being compromised. Targeted transatlantic data-exchange will remain possible through other legal instruments. If the US administration would propose to the US Congress something equivalent to this – to transfer in bulk bank data of American citizens to a foreign power – we all know what the US Congress would say.”

Washington had applied intense pressure on the parliament to agree to the pact, with Hillary Clinton, the US secretary of state, and Timothy Geithner, US treasury chief, appealing to Jerzy Buzek, the president of the European parliament.
The parliament veto applies to data from Swift – the Society for Worldwide Interbank Financial Telecommunications – which is based outside Brussels and co-ordinates millions of financial transfers and transactions every day on behalf of thousands of banks.

SWIFT is the messaging backbone that connects banks internationally. It’s not a clearing house, it’s a communication system.

SWIFT – Society for Worldwide Interbank Financial Telecommunications, a cooperative of banks and other financial institutions that facilitates trillions of dollars in daily international transactions. Its members include almost 8,000 financial institutions in more than 200 countries.

The majority of international interbank messages use the SWIFT network. As of November 2008, SWIFT linked 8,740 financial institutions in 209 countries.[1] SWIFT transports financial messages in a highly secure way, but does not hold accounts for its members and does not perform any form of clearing or settlement.

Here is a Forbes article that says international cooperation has prevented money from getting to Al Qaeda, leaving them close to bankrupt: http://www.forbes.com/forbes/2010/0301/terrorism-funds-finance-osama-al-qaeda-bankrupt.html

The argument *for* this agreement in the first place was that the international banking network was being used to funnel money to terrorist groups. Most of us agree that this is a bad thing – and things were pretty scary back in 2002 – so the US and European governments agreed to start watching who sent money where.

The devil is in the details, though. One of the things we’ve seen in the US is that programs that are set up for one reason have a funny way of being used for other reasons. It’s entirely possible that this anti-terrorist tool was now being used to track… drug smugglers. Drugs finance terrorism, right? That’s not too far afield. So to get to the drug smugglers they go after… suspected money launderers in general. These guys are probably pretty far from actual terrorism but they’re criminals, right?

It’s very possible that there was serious scope creep in the program, and the governments went “Hey, this isn’t what we signed up for”.

EU parliament now stronger on privacy/civil rights issues?

Gerry Beuchelt’s blog post on Germany “getting closer to the peak of hypocrisy” in its position on privacy (check out his whole series) – it references the earlier days of the SWIFT agreement effort, so maybe all is not lost!

One of his earlier posts: http://blog.beuchelt.org/2009/06/20/Orwell+20.aspx

What happens when a bureaucracy goes wild? Well, you can end up in a situation where private companies are facing the most restrictive privacy regime in the world, while government agencies are at liberty to spy on their people at will. Germany – my country of origin, and the country that claims to have “Informationelle Selbstbestimmung” (roughly: information self-determination) – has now completed a fairly comprehensive system of laws limiting fundamental human rights vis-à-vis the government:…

Google Buzz

The first thing you need to do on a site like FB or Twitter is tell it who your friends are. It’s a pain, and as sites get big people get annoyed with invite/friend messages. This is why back in 2004 everyone thought that it was going to be AOL, MSFT, or Yahoo that took down MySpace. They were the ones who already had the massive web of IM and email connections. They already knew, so they didn’t need you to re-create the list of who you care about.

Google is trying to sidestep that by basing it on your email. They already know who you communicate with because they have the messages.

The problem with buzz is that my friends and my business associates are all mixed together in my email. Buzz picked an initial set for me that was almost entirely business contacts. There are people I keep AWAY FROM on twitter and FB. Thanks, big G!

This time we feature a conversation with Drummond Reed. Not only is he in the Steering Group of the DataPortability Project but he also wears a lot of hats. In this episode he will talk about those hats and we especially talk about Open Identity Exchange (OIX) in depth.


Shownotes

Drummond and Eve co-authored an IEEE Security and Privacy journal article called “The Venn of Identity” that discusses the information card model and other models that attempt to solve “user-centric identity”.

How the U.S. government’s need for assurance may or may not match commercial/social requirements for assurance: How to rest assured.

The XRI TC works on the Extensible Resource Descriptor (XRD) metadata format